1 /* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
2 /* lib/krb5/os/sendto_kdc.c */
4 * Copyright 1990,1991,2001,2002,2004,2005,2007,2008 by the Massachusetts Institute of Technology.
7 * Export of this software from the United States of America may
8 * require a specific license from the United States Government.
9 * It is the responsibility of any person or organization contemplating
10 * export to obtain such a license before exporting.
12 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
13 * distribute this software and its documentation for any purpose and
14 * without fee is hereby granted, provided that the above copyright
15 * notice appear in all copies and that both that copyright notice and
16 * this permission notice appear in supporting documentation, and that
17 * the name of M.I.T. not be used in advertising or publicity pertaining
18 * to distribution of the software without specific, written prior
19 * permission. Furthermore if you modify this software you must label
20 * your software as modified software and not distribute it in such a
21 * fashion that it might be confused with the original M.I.T. software.
22 * M.I.T. makes no representations about the suitability of
23 * this software for any purpose. It is provided "as is" without express
24 * or implied warranty.
27 * MS-KKDCP implementation Copyright 2013,2014 Red Hat, Inc.
29 * Redistribution and use in source and binary forms, with or without
30 * modification, are permitted provided that the following conditions are met:
32 * 1. Redistributions of source code must retain the above copyright
33 * notice, this list of conditions and the following disclaimer.
35 * 2. Redistributions in binary form must reproduce the above copyright
36 * notice, this list of conditions and the following disclaimer in
37 * the documentation and/or other materials provided with the
40 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
41 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
42 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
43 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
44 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
46 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
47 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
48 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
49 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
50 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
53 /* Send packet to KDC for realm; wait for response, retransmitting
58 #include "fake-addrinfo.h"
62 #if defined(HAVE_POLL_H)
65 #define MAX_POLLFDS 1024
66 #elif defined(HAVE_SYS_SELECT_H)
67 #include <sys/select.h>
72 #include <sys/ioctl.h>
73 #ifdef HAVE_SYS_FILIO_H
74 #include <sys/filio.h>
79 #define DEFAULT_UDP_PREF_LIMIT 1465
80 #define HARD_UDP_LIMIT 32700 /* could probably do 64K-epsilon ? */
81 #define PORT_LENGTH 6 /* decimal repr of UINT16_MAX */
83 /* Select state flags. */
85 #define SSF_WRITE 0x02
86 #define SSF_EXCEPTION 0x04
88 typedef int64_t time_ms;
90 /* This can be pretty large, so should not be stack-allocated. */
93 struct pollfd fds[MAX_POLLFDS];
96 fd_set rfds, wfds, xfds;
101 /* connection states */
102 enum conn_states { INITIALIZING, CONNECTING, WRITING, READING, FAILED };
103 struct incoming_message {
104 size_t bufsizebytes_read;
108 unsigned char bufsizebytes[4];
112 struct outgoing_message {
116 unsigned char msg_len_buf[4];
120 typedef krb5_boolean fd_handler_fn(krb5_context context,
121 const krb5_data *realm,
122 struct conn_state *conn,
123 struct select_state *selstate);
127 enum conn_states state;
128 fd_handler_fn *service_connect;
129 fd_handler_fn *service_write;
130 fd_handler_fn *service_read;
131 struct remote_address addr;
132 struct incoming_message in;
133 struct outgoing_message out;
134 krb5_data callback_buffer;
136 struct conn_state *next;
140 const char *uri_path;
141 const char *servername;
142 char port[PORT_LENGTH];
148 /* Set up context->tls. On allocation failure, return ENOMEM. On plugin load
149 * failure, set context->tls to point to a nulled vtable and return 0. */
150 static krb5_error_code
151 init_tls_vtable(krb5_context context)
153 krb5_plugin_initvt_fn initfn;
155 if (context->tls != NULL)
158 context->tls = calloc(1, sizeof(*context->tls));
159 if (context->tls == NULL)
162 /* Attempt to load the module; just let it stay nulled out on failure. */
163 k5_plugin_register_dyn(context, PLUGIN_INTERFACE_TLS, "k5tls", "tls");
164 if (k5_plugin_load(context, PLUGIN_INTERFACE_TLS, "k5tls", &initfn) == 0)
165 (*initfn)(context, 0, 0, (krb5_plugin_vtable)context->tls);
170 /* Get current time in milliseconds. */
171 static krb5_error_code
172 get_curtime_ms(time_ms *time_out)
178 if (gettimeofday(&tv, 0))
180 *time_out = (time_ms)tv.tv_sec * 1000 + tv.tv_usec / 1000;
185 free_http_tls_data(krb5_context context, struct conn_state *state)
187 if (state->http.tls != NULL)
188 context->tls->free_handle(context, state->http.tls);
189 state->http.tls = NULL;
190 free(state->http.https_request);
191 state->http.https_request = NULL;
196 /* Find a pollfd in selstate by fd, or abort if we can't find it. */
197 static inline struct pollfd *
198 find_pollfd(struct select_state *selstate, int fd)
202 for (i = 0; i < selstate->nfds; i++) {
203 if (selstate->fds[i].fd == fd)
204 return &selstate->fds[i];
210 cm_init_selstate(struct select_state *selstate)
216 cm_add_fd(struct select_state *selstate, int fd)
218 if (selstate->nfds >= MAX_POLLFDS)
220 selstate->fds[selstate->nfds].fd = fd;
221 selstate->fds[selstate->nfds].events = 0;
227 cm_remove_fd(struct select_state *selstate, int fd)
229 struct pollfd *pfd = find_pollfd(selstate, fd);
231 *pfd = selstate->fds[selstate->nfds - 1];
235 /* Poll for reading (and not writing) on fd the next time we poll. */
237 cm_read(struct select_state *selstate, int fd)
239 find_pollfd(selstate, fd)->events = POLLIN;
242 /* Poll for writing (and not reading) on fd the next time we poll. */
244 cm_write(struct select_state *selstate, int fd)
246 find_pollfd(selstate, fd)->events = POLLOUT;
249 /* Get the output events for fd in the form of ssflags. */
251 cm_get_ssflags(struct select_state *selstate, int fd)
253 struct pollfd *pfd = find_pollfd(selstate, fd);
256 * OS X sets POLLHUP without POLLOUT on connection error. Catch this as
257 * well as other error events such as POLLNVAL, but only if POLLIN and
258 * POLLOUT aren't set, as we can get POLLHUP along with POLLIN with TCP
259 * data still to be read.
261 if (pfd->revents != 0 && !(pfd->revents & (POLLIN | POLLOUT)))
262 return SSF_EXCEPTION;
264 return ((pfd->revents & POLLIN) ? SSF_READ : 0) |
265 ((pfd->revents & POLLOUT) ? SSF_WRITE : 0) |
266 ((pfd->revents & POLLERR) ? SSF_EXCEPTION : 0);
269 #else /* not USE_POLL */
272 cm_init_selstate(struct select_state *selstate)
276 FD_ZERO(&selstate->rfds);
277 FD_ZERO(&selstate->wfds);
278 FD_ZERO(&selstate->xfds);
282 cm_add_fd(struct select_state *selstate, int fd)
284 #ifndef _WIN32 /* On Windows FD_SETSIZE is a count, not a max value. */
285 if (fd >= FD_SETSIZE)
288 FD_SET(fd, &selstate->xfds);
289 if (selstate->max <= fd)
290 selstate->max = fd + 1;
296 cm_remove_fd(struct select_state *selstate, int fd)
298 FD_CLR(fd, &selstate->rfds);
299 FD_CLR(fd, &selstate->wfds);
300 FD_CLR(fd, &selstate->xfds);
301 if (selstate->max == fd + 1) {
302 while (selstate->max > 0 &&
303 !FD_ISSET(selstate->max - 1, &selstate->rfds) &&
304 !FD_ISSET(selstate->max - 1, &selstate->wfds) &&
305 !FD_ISSET(selstate->max - 1, &selstate->xfds))
311 /* Select for reading (and not writing) on fd the next time we select. */
313 cm_read(struct select_state *selstate, int fd)
315 FD_SET(fd, &selstate->rfds);
316 FD_CLR(fd, &selstate->wfds);
319 /* Select for writing (and not reading) on fd the next time we select. */
321 cm_write(struct select_state *selstate, int fd)
323 FD_CLR(fd, &selstate->rfds);
324 FD_SET(fd, &selstate->wfds);
327 /* Get the events for fd from selstate after a select. */
329 cm_get_ssflags(struct select_state *selstate, int fd)
331 return (FD_ISSET(fd, &selstate->rfds) ? SSF_READ : 0) |
332 (FD_ISSET(fd, &selstate->wfds) ? SSF_WRITE : 0) |
333 (FD_ISSET(fd, &selstate->xfds) ? SSF_EXCEPTION : 0);
336 #endif /* not USE_POLL */
338 static krb5_error_code
339 cm_select_or_poll(const struct select_state *in, time_ms endtime,
340 struct select_state *out, int *sret)
345 krb5_error_code retval;
346 time_ms curtime, interval;
348 retval = get_curtime_ms(&curtime);
351 interval = (curtime < endtime) ? endtime - curtime : 0;
353 /* We don't need a separate copy of the selstate for poll, but use one for
354 * consistency with how we use select. */
358 *sret = poll(out->fds, out->nfds, interval);
360 tv.tv_sec = interval / 1000;
361 tv.tv_usec = interval % 1000 * 1000;
362 *sret = select(out->max, &out->rfds, &out->wfds, &out->xfds, &tv);
365 return (*sret < 0) ? SOCKET_ERRNO : 0;
369 socktype_for_transport(k5_transport transport)
383 check_for_svc_unavailable (krb5_context context,
384 const krb5_data *reply,
385 void *msg_handler_data)
387 krb5_error_code *retval = (krb5_error_code *)msg_handler_data;
391 if (krb5_is_krb_error(reply)) {
392 krb5_error *err_reply;
394 if (decode_krb5_error(reply, &err_reply) == 0) {
395 *retval = err_reply->error;
396 krb5_free_error(context, err_reply);
398 /* Returning 0 means continue to next KDC */
399 return (*retval != KDC_ERR_SVC_UNAVAILABLE);
407 krb5_set_kdc_send_hook(krb5_context context, krb5_pre_send_fn send_hook,
410 context->kdc_send_hook = send_hook;
411 context->kdc_send_hook_data = data;
415 krb5_set_kdc_recv_hook(krb5_context context, krb5_post_recv_fn recv_hook,
418 context->kdc_recv_hook = recv_hook;
419 context->kdc_recv_hook_data = data;
423 * send the formatted request 'message' to a KDC for realm 'realm' and
424 * return the response (if any) in 'reply'.
426 * If the message is sent and a response is received, 0 is returned,
427 * otherwise an error code is returned.
429 * The storage for 'reply' is allocated and should be freed by the caller
434 krb5_sendto_kdc(krb5_context context, const krb5_data *message,
435 const krb5_data *realm, krb5_data *reply_out, int *use_master,
438 krb5_error_code retval, oldret, err;
439 struct serverlist servers;
441 k5_transport_strategy strategy;
442 krb5_data reply = empty_data(), *hook_message = NULL, *hook_reply = NULL;
444 *reply_out = empty_data();
447 * find KDC location(s) for realm
451 * BUG: This code won't return "interesting" errors (e.g., out of mem,
452 * bad config file) from locate_kdc. KRB5_REALM_CANT_RESOLVE can be
453 * ignored from one query of two, but if only one query is done, or
454 * both return that error, it should be returned to the caller. Also,
455 * "interesting" errors (not KRB5_KDC_UNREACH) from sendto_{udp,tcp}
456 * should probably be returned as well.
459 TRACE_SENDTO_KDC(context, message->length, realm, *use_master, no_udp);
461 if (!no_udp && context->udp_pref_limit < 0) {
463 retval = profile_get_integer(context->profile,
464 KRB5_CONF_LIBDEFAULTS, KRB5_CONF_UDP_PREFERENCE_LIMIT, 0,
465 DEFAULT_UDP_PREF_LIMIT, &tmp);
469 tmp = DEFAULT_UDP_PREF_LIMIT;
470 else if (tmp > HARD_UDP_LIMIT)
471 /* In the unlikely case that a *really* big value is
472 given, let 'em use as big as we think we can
474 tmp = HARD_UDP_LIMIT;
475 context->udp_pref_limit = tmp;
480 else if (message->length <= (unsigned int) context->udp_pref_limit)
481 strategy = UDP_FIRST;
485 retval = k5_locate_kdc(context, realm, &servers, *use_master, no_udp);
489 if (context->kdc_send_hook != NULL) {
490 retval = context->kdc_send_hook(context, context->kdc_send_hook_data,
491 realm, message, &hook_message,
496 if (hook_reply != NULL) {
497 *reply_out = *hook_reply;
502 if (hook_message != NULL)
503 message = hook_message;
507 retval = k5_sendto(context, message, realm, &servers, strategy, NULL,
508 &reply, NULL, NULL, &server_used,
509 check_for_svc_unavailable, &err);
510 if (retval == KRB5_KDC_UNREACH) {
511 if (err == KDC_ERR_SVC_UNAVAILABLE) {
512 retval = KRB5KDC_ERR_SVC_UNAVAILABLE;
514 k5_setmsg(context, retval,
515 _("Cannot contact any KDC for realm '%.*s'"),
516 realm->length, realm->data);
520 if (context->kdc_recv_hook != NULL) {
522 retval = context->kdc_recv_hook(context, context->kdc_recv_hook_data,
523 retval, realm, message, &reply,
525 if (oldret && !retval) {
526 /* The hook must set a reply if it overrides an error from
527 * k5_sendto(). Treat this reply as coming from the master KDC. */
528 assert(hook_reply != NULL);
535 if (hook_reply != NULL) {
536 *reply_out = *hook_reply;
540 reply = empty_data();
543 /* Set use_master to 1 if we ended up talking to a master when we didn't
544 * explicitly request to. */
545 if (*use_master == 0) {
546 *use_master = k5_kdc_is_master(context, realm,
547 &servers.servers[server_used]);
548 TRACE_SENDTO_KDC_MASTER(context, *use_master);
552 krb5_free_data(context, hook_message);
553 krb5_free_data_contents(context, &reply);
554 k5_free_serverlist(&servers);
561 * Getting "connection refused" on a connected UDP socket causes
562 * select to indicate write capability on UNIX, but only shows up
563 * as an exception on Windows. (I don't think any UNIX system flags
564 * the error as an exception.) So we check for both, or make it
567 * Always watch for responses from *any* of the servers. Eventually
568 * fix the UDP code to do the same.
571 * - TCP NOPUSH/CORK socket options?
572 * - error codes that don't suck
573 * - getsockopt(SO_ERROR) to check connect status
574 * - handle error RESPONSE_TOO_BIG from UDP server and use TCP
575 * connections already in progress
578 static fd_handler_fn service_tcp_connect;
579 static fd_handler_fn service_tcp_write;
580 static fd_handler_fn service_tcp_read;
581 static fd_handler_fn service_udp_read;
582 static fd_handler_fn service_https_write;
583 static fd_handler_fn service_https_read;
585 static krb5_error_code
586 make_proxy_request(struct conn_state *state, const krb5_data *realm,
587 const krb5_data *message, char **req_out, size_t *len_out)
589 krb5_kkdcp_message pm;
590 krb5_data *encoded_pm = NULL;
592 const char *uri_path;
599 * Stuff the message length in at the front of the kerb_message field
600 * before encoding. The proxied messages are actually the payload we'd
601 * be sending and receiving if we were using plain TCP.
603 memset(&pm, 0, sizeof(pm));
604 ret = alloc_data(&pm.kerb_message, message->length + 4);
607 store_32_be(message->length, pm.kerb_message.data);
608 memcpy(pm.kerb_message.data + 4, message->data, message->length);
609 pm.target_domain = *realm;
610 ret = encode_krb5_kkdcp_message(&pm, &encoded_pm);
614 /* Build the request to transmit: the headers + the proxy message. */
615 k5_buf_init_dynamic(&buf);
616 uri_path = (state->http.uri_path != NULL) ? state->http.uri_path : "";
617 k5_buf_add_fmt(&buf, "POST /%s HTTP/1.0\r\n", uri_path);
618 k5_buf_add_fmt(&buf, "Host: %s:%s\r\n", state->http.servername,
620 k5_buf_add(&buf, "Cache-Control: no-cache\r\n");
621 k5_buf_add(&buf, "Pragma: no-cache\r\n");
622 k5_buf_add(&buf, "User-Agent: kerberos/1.0\r\n");
623 k5_buf_add(&buf, "Content-type: application/kerberos\r\n");
624 k5_buf_add_fmt(&buf, "Content-Length: %d\r\n\r\n", encoded_pm->length);
625 k5_buf_add_len(&buf, encoded_pm->data, encoded_pm->length);
626 if (k5_buf_status(&buf) != 0) {
635 krb5_free_data_contents(NULL, &pm.kerb_message);
636 krb5_free_data(NULL, encoded_pm);
640 /* Set up the actual message we will send across the underlying transport to
641 * communicate the payload message, using one or both of state->out.sgbuf. */
642 static krb5_error_code
643 set_transport_message(struct conn_state *state, const krb5_data *realm,
644 const krb5_data *message)
646 struct outgoing_message *out = &state->out;
651 if (message == NULL || message->length == 0)
654 if (state->addr.transport == TCP) {
655 store_32_be(message->length, out->msg_len_buf);
656 SG_SET(&out->sgbuf[0], out->msg_len_buf, 4);
657 SG_SET(&out->sgbuf[1], message->data, message->length);
660 } else if (state->addr.transport == HTTPS) {
661 ret = make_proxy_request(state, realm, message, &req, &reqlen);
664 SG_SET(&state->out.sgbuf[0], req, reqlen);
665 SG_SET(&state->out.sgbuf[1], 0, 0);
666 state->out.sg_count = 1;
667 free(state->http.https_request);
668 state->http.https_request = req;
671 SG_SET(&out->sgbuf[0], message->data, message->length);
672 SG_SET(&out->sgbuf[1], NULL, 0);
678 static krb5_error_code
679 add_connection(struct conn_state **conns, k5_transport transport,
680 krb5_boolean defer, struct addrinfo *ai, size_t server_index,
681 const krb5_data *realm, const char *hostname,
682 const char *port, const char *uri_path, char **udpbufp)
684 struct conn_state *state, **tailptr;
686 state = calloc(1, sizeof(*state));
689 state->state = INITIALIZING;
690 state->out.sgp = state->out.sgbuf;
691 state->addr.transport = transport;
692 state->addr.family = ai->ai_family;
693 state->addr.len = ai->ai_addrlen;
694 memcpy(&state->addr.saddr, ai->ai_addr, ai->ai_addrlen);
695 state->defer = defer;
696 state->fd = INVALID_SOCKET;
697 state->server_index = server_index;
698 SG_SET(&state->out.sgbuf[1], NULL, 0);
699 if (transport == TCP) {
700 state->service_connect = service_tcp_connect;
701 state->service_write = service_tcp_write;
702 state->service_read = service_tcp_read;
703 } else if (transport == HTTPS) {
704 assert(hostname != NULL && port != NULL);
705 state->service_connect = service_tcp_connect;
706 state->service_write = service_https_write;
707 state->service_read = service_https_read;
708 state->http.uri_path = uri_path;
709 state->http.servername = hostname;
710 strlcpy(state->http.port, port, PORT_LENGTH);
712 state->service_connect = NULL;
713 state->service_write = NULL;
714 state->service_read = service_udp_read;
716 if (*udpbufp == NULL) {
717 *udpbufp = malloc(MAX_DGRAM_SIZE);
721 state->in.buf = *udpbufp;
722 state->in.bufsize = MAX_DGRAM_SIZE;
725 /* Chain the new state onto the tail of the list. */
726 for (tailptr = conns; *tailptr != NULL; tailptr = &(*tailptr)->next);
733 translate_ai_error (int err)
742 /* All of these indicate bad inputs to getaddrinfo. */
745 /* Translate to standard errno code. */
748 /* Translate to standard errno code. */
750 #ifdef EAI_ADDRFAMILY
753 #if defined(EAI_NODATA) && EAI_NODATA != EAI_NONAME
757 /* Name not known or no address data, but no error. Do
762 /* An argument buffer overflowed. */
763 return EINVAL; /* XXX */
767 /* System error, obviously. */
771 /* An error code we haven't handled? */
777 * Resolve the entry in servers with index ind, adding connections to the list
778 * *conns. Connections are added for each of socktype1 and (if not zero)
779 * socktype2. message and udpbufp are used to initialize the connections; see
780 * add_connection above. If no addresses are available for an entry but no
781 * internal name resolution failure occurs, return 0 without adding any new
784 static krb5_error_code
785 resolve_server(krb5_context context, const krb5_data *realm,
786 const struct serverlist *servers, size_t ind,
787 k5_transport_strategy strategy, const krb5_data *message,
788 char **udpbufp, struct conn_state **conns)
790 krb5_error_code retval;
791 struct server_entry *entry = &servers->servers[ind];
792 k5_transport transport;
793 struct addrinfo *addrs, *a, hint, ai;
794 krb5_boolean defer = FALSE;
796 char portbuf[PORT_LENGTH];
798 /* Skip UDP entries if we don't want UDP. */
799 if (strategy == NO_UDP && entry->transport == UDP)
802 transport = (strategy == UDP_FIRST) ? UDP : TCP;
803 if (entry->hostname == NULL) {
804 /* Added by a module, so transport is either TCP or UDP. */
805 ai.ai_socktype = socktype_for_transport(entry->transport);
806 ai.ai_family = entry->family;
807 ai.ai_addrlen = entry->addrlen;
808 ai.ai_addr = (struct sockaddr *)&entry->addr;
809 defer = (entry->transport != transport);
810 return add_connection(conns, entry->transport, defer, &ai, ind, realm,
811 NULL, NULL, entry->uri_path, udpbufp);
814 /* If the entry has a specified transport, use it, but possibly defer the
815 * addresses we add based on the strategy. */
816 if (entry->transport != TCP_OR_UDP) {
817 transport = entry->transport;
818 defer = (entry->transport == TCP && strategy == UDP_FIRST) ||
819 (entry->transport == UDP && strategy == UDP_LAST);
822 memset(&hint, 0, sizeof(hint));
823 hint.ai_family = entry->family;
824 hint.ai_socktype = socktype_for_transport(transport);
825 hint.ai_flags = AI_ADDRCONFIG;
826 #ifdef AI_NUMERICSERV
827 hint.ai_flags |= AI_NUMERICSERV;
829 result = snprintf(portbuf, sizeof(portbuf), "%d", entry->port);
830 if (SNPRINTF_OVERFLOW(result, sizeof(portbuf)))
832 TRACE_SENDTO_KDC_RESOLVING(context, entry->hostname);
833 err = getaddrinfo(entry->hostname, portbuf, &hint, &addrs);
835 return translate_ai_error(err);
837 /* Add each address with the specified or preferred transport. */
839 for (a = addrs; a != 0 && retval == 0; a = a->ai_next) {
840 retval = add_connection(conns, transport, defer, a, ind, realm,
841 entry->hostname, portbuf, entry->uri_path,
845 /* For TCP_OR_UDP entries, add each address again with the non-preferred
846 * transport, unless we are avoiding UDP. Flag these as deferred. */
847 if (retval == 0 && entry->transport == TCP_OR_UDP && strategy != NO_UDP) {
848 transport = (strategy == UDP_FIRST) ? TCP : UDP;
849 for (a = addrs; a != 0 && retval == 0; a = a->ai_next) {
850 a->ai_socktype = socktype_for_transport(transport);
851 retval = add_connection(conns, transport, TRUE, a, ind, realm,
852 entry->hostname, portbuf,
853 entry->uri_path, udpbufp);
861 start_connection(krb5_context context, struct conn_state *state,
862 const krb5_data *message, struct select_state *selstate,
863 const krb5_data *realm,
864 struct sendto_callback_info *callback_info)
867 static const int one = 1;
868 static const struct linger lopt = { 0, 0 };
870 type = socktype_for_transport(state->addr.transport);
871 fd = socket(state->addr.family, type, 0);
872 if (fd == INVALID_SOCKET)
873 return -1; /* try other hosts */
875 /* Make it non-blocking. */
876 ioctlsocket(fd, FIONBIO, (const void *) &one);
877 if (state->addr.transport == TCP) {
878 setsockopt(fd, SOL_SOCKET, SO_LINGER, &lopt, sizeof(lopt));
879 TRACE_SENDTO_KDC_TCP_CONNECT(context, &state->addr);
882 /* Start connecting to KDC. */
883 e = connect(fd, (struct sockaddr *)&state->addr.saddr, state->addr.len);
886 * This is the path that should be followed for non-blocking
889 if (SOCKET_ERRNO == EINPROGRESS || SOCKET_ERRNO == EWOULDBLOCK) {
890 state->state = CONNECTING;
893 (void) closesocket(fd);
894 state->state = FAILED;
899 * Connect returned zero even though we made it non-blocking. This
900 * happens normally for UDP sockets, and can perhaps also happen for
901 * TCP sockets connecting to localhost.
903 state->state = WRITING;
908 * Here's where KPASSWD callback gets the socket information it needs for
913 e = callback_info->pfn_callback(state->fd, callback_info->data,
914 &state->callback_buffer);
916 (void) closesocket(fd);
917 state->fd = INVALID_SOCKET;
918 state->state = FAILED;
922 message = &state->callback_buffer;
925 e = set_transport_message(state, realm, message);
927 TRACE_SENDTO_KDC_ERROR_SET_MESSAGE(context, &state->addr, e);
928 (void) closesocket(state->fd);
929 state->fd = INVALID_SOCKET;
930 state->state = FAILED;
934 if (state->addr.transport == UDP) {
937 sg_buf *sg = &state->out.sgbuf[0];
939 TRACE_SENDTO_KDC_UDP_SEND_INITIAL(context, &state->addr);
940 ret = send(state->fd, SG_BUF(sg), SG_LEN(sg), 0);
941 if (ret < 0 || (size_t) ret != SG_LEN(sg)) {
942 TRACE_SENDTO_KDC_UDP_ERROR_SEND_INITIAL(context, &state->addr,
944 (void) closesocket(state->fd);
945 state->fd = INVALID_SOCKET;
946 state->state = FAILED;
949 state->state = READING;
953 if (!cm_add_fd(selstate, state->fd)) {
954 (void) closesocket(state->fd);
955 state->fd = INVALID_SOCKET;
956 state->state = FAILED;
959 if (state->state == CONNECTING || state->state == WRITING)
960 cm_write(selstate, state->fd);
962 cm_read(selstate, state->fd);
967 /* Return 0 if we sent something, non-0 otherwise.
968 If 0 is returned, the caller should delay waiting for a response.
969 Otherwise, the caller should immediately move on to process the
972 maybe_send(krb5_context context, struct conn_state *conn,
973 const krb5_data *message, struct select_state *selstate,
974 const krb5_data *realm,
975 struct sendto_callback_info *callback_info)
980 if (conn->state == INITIALIZING) {
981 return start_connection(context, conn, message, selstate,
982 realm, callback_info);
985 /* Did we already shut down this channel? */
986 if (conn->state == FAILED) {
990 if (conn->addr.transport != UDP) {
991 /* The select callback will handle flushing any data we
992 haven't written yet, and we only write it once. */
996 /* UDP - retransmit after a previous attempt timed out. */
997 sg = &conn->out.sgbuf[0];
998 TRACE_SENDTO_KDC_UDP_SEND_RETRY(context, &conn->addr);
999 ret = send(conn->fd, SG_BUF(sg), SG_LEN(sg), 0);
1000 if (ret < 0 || (size_t) ret != SG_LEN(sg)) {
1001 TRACE_SENDTO_KDC_UDP_ERROR_SEND_RETRY(context, &conn->addr,
1003 /* Keep connection alive, we'll try again next pass.
1005 Is this likely to catch any errors we didn't get from the
1006 select callbacks? */
1009 /* Yay, it worked. */
1014 kill_conn(krb5_context context, struct conn_state *conn,
1015 struct select_state *selstate)
1017 free_http_tls_data(context, conn);
1019 if (socktype_for_transport(conn->addr.transport) == SOCK_STREAM)
1020 TRACE_SENDTO_KDC_TCP_DISCONNECT(context, &conn->addr);
1021 cm_remove_fd(selstate, conn->fd);
1023 closesocket(conn->fd);
1024 conn->fd = INVALID_SOCKET;
1025 conn->state = FAILED;
1028 /* Check socket for error. */
1030 get_so_error(int fd)
1033 socklen_t sockerrlen;
1036 sockerrlen = sizeof(sockerr);
1037 e = getsockopt(fd, SOL_SOCKET, SO_ERROR, &sockerr, &sockerrlen);
1039 /* What to do now? */
1046 /* Perform next step in sending. Return true on usable data. */
1048 service_dispatch(krb5_context context, const krb5_data *realm,
1049 struct conn_state *conn, struct select_state *selstate,
1052 /* Check for a socket exception. */
1053 if (ssflags & SSF_EXCEPTION) {
1054 kill_conn(context, conn, selstate);
1058 switch (conn->state) {
1060 assert(conn->service_connect != NULL);
1061 return conn->service_connect(context, realm, conn, selstate);
1063 assert(conn->service_write != NULL);
1064 return conn->service_write(context, realm, conn, selstate);
1066 assert(conn->service_read != NULL);
1067 return conn->service_read(context, realm, conn, selstate);
1073 /* Initialize TCP transport. */
1075 service_tcp_connect(krb5_context context, const krb5_data *realm,
1076 struct conn_state *conn, struct select_state *selstate)
1078 /* Check whether the connection succeeded. */
1079 int e = get_so_error(conn->fd);
1082 TRACE_SENDTO_KDC_TCP_ERROR_CONNECT(context, &conn->addr, e);
1083 kill_conn(context, conn, selstate);
1087 conn->state = WRITING;
1089 /* Record this connection's timeout for service_fds. */
1090 if (get_curtime_ms(&conn->endtime) == 0)
1091 conn->endtime += 10000;
1093 return conn->service_write(context, realm, conn, selstate);
1096 /* Sets conn->state to READING when done. */
1098 service_tcp_write(krb5_context context, const krb5_data *realm,
1099 struct conn_state *conn, struct select_state *selstate)
1102 SOCKET_WRITEV_TEMP tmp;
1104 TRACE_SENDTO_KDC_TCP_SEND(context, &conn->addr);
1105 nwritten = SOCKET_WRITEV(conn->fd, conn->out.sgp, conn->out.sg_count, tmp);
1107 TRACE_SENDTO_KDC_TCP_ERROR_SEND(context, &conn->addr, SOCKET_ERRNO);
1108 kill_conn(context, conn, selstate);
1112 sg_buf *sgp = conn->out.sgp;
1113 if ((size_t)nwritten < SG_LEN(sgp)) {
1114 SG_ADVANCE(sgp, (size_t)nwritten);
1117 nwritten -= SG_LEN(sgp);
1119 conn->out.sg_count--;
1122 if (conn->out.sg_count == 0) {
1123 /* Done writing, switch to reading. */
1124 cm_read(selstate, conn->fd);
1125 conn->state = READING;
1130 /* Return true on usable data. */
1132 service_tcp_read(krb5_context context, const krb5_data *realm,
1133 struct conn_state *conn, struct select_state *selstate)
1137 struct incoming_message *in = &conn->in;
1139 if (in->bufsizebytes_read == 4) {
1141 nread = SOCKET_READ(conn->fd, &in->buf[in->pos], in->n_left);
1143 e = nread ? SOCKET_ERRNO : ECONNRESET;
1144 TRACE_SENDTO_KDC_TCP_ERROR_RECV(context, &conn->addr, e);
1145 kill_conn(context, conn, selstate);
1148 in->n_left -= nread;
1150 if (in->n_left <= 0)
1153 /* Reading length. */
1154 nread = SOCKET_READ(conn->fd, in->bufsizebytes + in->bufsizebytes_read,
1155 4 - in->bufsizebytes_read);
1157 e = nread ? SOCKET_ERRNO : ECONNRESET;
1158 TRACE_SENDTO_KDC_TCP_ERROR_RECV_LEN(context, &conn->addr, e);
1159 kill_conn(context, conn, selstate);
1162 in->bufsizebytes_read += nread;
1163 if (in->bufsizebytes_read == 4) {
1164 unsigned long len = load_32_be(in->bufsizebytes);
1165 /* Arbitrary 1M cap. */
1166 if (len > 1 * 1024 * 1024) {
1167 kill_conn(context, conn, selstate);
1170 in->bufsize = in->n_left = len;
1172 in->buf = malloc(len);
1173 if (in->buf == NULL) {
1174 kill_conn(context, conn, selstate);
1182 /* Process events on a UDP socket. Return true if we get a reply. */
1184 service_udp_read(krb5_context context, const krb5_data *realm,
1185 struct conn_state *conn, struct select_state *selstate)
1189 nread = recv(conn->fd, conn->in.buf, conn->in.bufsize, 0);
1191 TRACE_SENDTO_KDC_UDP_ERROR_RECV(context, &conn->addr, SOCKET_ERRNO);
1192 kill_conn(context, conn, selstate);
1195 conn->in.pos = nread;
1199 /* Set up conn->http.tls. Return true on success. */
1201 setup_tls(krb5_context context, const krb5_data *realm,
1202 struct conn_state *conn, struct select_state *selstate)
1204 krb5_error_code ret;
1205 krb5_boolean ok = FALSE;
1206 char **anchors = NULL, *realmstr = NULL;
1207 const char *names[4];
1209 if (init_tls_vtable(context) != 0 || context->tls->setup == NULL)
1212 realmstr = k5memdup0(realm->data, realm->length, &ret);
1213 if (realmstr == NULL)
1216 /* Load the configured anchors. */
1217 names[0] = KRB5_CONF_REALMS;
1218 names[1] = realmstr;
1219 names[2] = KRB5_CONF_HTTP_ANCHORS;
1221 ret = profile_get_values(context->profile, names, &anchors);
1222 if (ret != 0 && ret != PROF_NO_RELATION)
1225 if (context->tls->setup(context, conn->fd, conn->http.servername, anchors,
1226 &conn->http.tls) != 0) {
1227 TRACE_SENDTO_KDC_HTTPS_ERROR_CONNECT(context, &conn->addr);
1235 profile_free_list(anchors);
1239 /* Set conn->state to READING when done; otherwise, call a cm_set_. */
1241 service_https_write(krb5_context context, const krb5_data *realm,
1242 struct conn_state *conn, struct select_state *selstate)
1246 /* If this is our first time in here, set up the SSL context. */
1247 if (conn->http.tls == NULL && !setup_tls(context, realm, conn, selstate)) {
1248 kill_conn(context, conn, selstate);
1252 /* Try to transmit our request to the server. */
1253 st = context->tls->write(context, conn->http.tls, SG_BUF(conn->out.sgp),
1254 SG_LEN(conn->out.sgbuf));
1256 TRACE_SENDTO_KDC_HTTPS_SEND(context, &conn->addr);
1257 cm_read(selstate, conn->fd);
1258 conn->state = READING;
1259 } else if (st == WANT_READ) {
1260 cm_read(selstate, conn->fd);
1261 } else if (st == WANT_WRITE) {
1262 cm_write(selstate, conn->fd);
1263 } else if (st == ERROR_TLS) {
1264 TRACE_SENDTO_KDC_HTTPS_ERROR_SEND(context, &conn->addr);
1265 kill_conn(context, conn, selstate);
1271 /* Return true on finished data. Call a cm_read/write function and return
1272 * false if the TLS layer needs it. Kill the connection on error. */
1274 https_read_bytes(krb5_context context, struct conn_state *conn,
1275 struct select_state *selstate)
1277 size_t bufsize, nread;
1280 struct incoming_message *in = &conn->in;
1283 if (in->buf == NULL || in->bufsize - in->pos < 1024) {
1284 bufsize = in->bufsize ? in->bufsize * 2 : 8192;
1285 if (bufsize > 1024 * 1024) {
1286 kill_conn(context, conn, selstate);
1289 tmp = realloc(in->buf, bufsize);
1291 kill_conn(context, conn, selstate);
1295 in->bufsize = bufsize;
1298 st = context->tls->read(context, conn->http.tls, &in->buf[in->pos],
1299 in->bufsize - in->pos - 1, &nread);
1300 if (st != DATA_READ)
1304 in->buf[in->pos] = '\0';
1310 if (st == WANT_READ) {
1311 cm_read(selstate, conn->fd);
1312 } else if (st == WANT_WRITE) {
1313 cm_write(selstate, conn->fd);
1314 } else if (st == ERROR_TLS) {
1315 TRACE_SENDTO_KDC_HTTPS_ERROR_RECV(context, &conn->addr);
1316 kill_conn(context, conn, selstate);
1321 /* Return true on readable, valid KKDCPP data. */
1323 service_https_read(krb5_context context, const krb5_data *realm,
1324 struct conn_state *conn, struct select_state *selstate)
1326 krb5_kkdcp_message *pm = NULL;
1329 struct incoming_message *in = &conn->in;
1331 /* Read data through the encryption layer. */
1332 if (!https_read_bytes(context, conn, selstate))
1335 /* Find the beginning of the response body. */
1336 rep = strstr(in->buf, "\r\n\r\n");
1341 /* Decode the response. */
1342 buf = make_data((char *)rep, in->pos - (rep - in->buf));
1343 if (decode_krb5_kkdcp_message(&buf, &pm) != 0)
1346 /* Check and discard the message length at the front of the kerb_message
1347 * field after decoding. If it's wrong or missing, something broke. */
1348 if (pm->kerb_message.length < 4 ||
1349 load_32_be(pm->kerb_message.data) != pm->kerb_message.length - 4) {
1353 /* Replace all of the content that we read back with just the message. */
1354 memcpy(in->buf, pm->kerb_message.data + 4, pm->kerb_message.length - 4);
1355 in->pos = pm->kerb_message.length - 4;
1356 k5_free_kkdcp_message(context, pm);
1361 TRACE_SENDTO_KDC_HTTPS_ERROR(context, in->buf);
1362 k5_free_kkdcp_message(context, pm);
1363 kill_conn(context, conn, selstate);
1367 /* Return the maximum of endtime and the endtime fields of all currently active
1368 * TCP connections. */
1370 get_endtime(time_ms endtime, struct conn_state *conns)
1372 struct conn_state *state;
1374 for (state = conns; state != NULL; state = state->next) {
1375 if (state->addr.transport == TCP &&
1376 (state->state == READING || state->state == WRITING) &&
1377 state->endtime > endtime)
1378 endtime = state->endtime;
1384 service_fds(krb5_context context, struct select_state *selstate,
1385 time_ms interval, struct conn_state *conns,
1386 struct select_state *seltemp, const krb5_data *realm,
1387 int (*msg_handler)(krb5_context, const krb5_data *, void *),
1388 void *msg_handler_data, struct conn_state **winner_out)
1392 struct conn_state *state;
1396 e = get_curtime_ms(&endtime);
1399 endtime += interval;
1402 while (selstate->nfds > 0) {
1403 e = cm_select_or_poll(selstate, get_endtime(endtime, conns),
1411 /* Timeout, return to caller. */
1414 /* Got something on a socket, process it. */
1415 for (state = conns; state != NULL; state = state->next) {
1418 if (state->fd == INVALID_SOCKET)
1420 ssflags = cm_get_ssflags(seltemp, state->fd);
1424 if (service_dispatch(context, realm, state, selstate, ssflags)) {
1427 if (msg_handler != NULL) {
1428 krb5_data reply = make_data(state->in.buf, state->in.pos);
1430 stop = (msg_handler(context, &reply, msg_handler_data) != 0);
1434 *winner_out = state;
1446 * Current worst-case timeout behavior:
1448 * First pass, 1s per udp or tcp server, plus 2s at end.
1449 * Second pass, 1s per udp server, plus 4s.
1450 * Third pass, 1s per udp server, plus 8s.
1451 * Fourth => 16s, etc.
1454 * Per UDP server, 1s per pass.
1455 * Per TCP server, 1s.
1456 * Backoff delay, 2**(P+1) - 2, where P is total number of passes.
1458 * Total = 2**(P+1) + U*P + T - 2.
1460 * If P=3, Total = 3*U + T + 14.
1461 * If P=4, Total = 4*U + T + 30.
1463 * Note that if you try to reach two ports on one server, it counts as two.
1465 * There is one exception to the above rules. Whenever a TCP connection is
1466 * established, we wait up to ten seconds for it to finish or fail before
1467 * moving on. This reduces network traffic significantly in a TCP environment.
1471 k5_sendto(krb5_context context, const krb5_data *message,
1472 const krb5_data *realm, const struct serverlist *servers,
1473 k5_transport_strategy strategy,
1474 struct sendto_callback_info* callback_info, krb5_data *reply,
1475 struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
1477 /* return 0 -> keep going, 1 -> quit */
1478 int (*msg_handler)(krb5_context, const krb5_data *, void *),
1479 void *msg_handler_data)
1483 krb5_error_code retval;
1484 struct conn_state *conns = NULL, *state, **tailptr, *next, *winner;
1486 struct select_state *sel_state = NULL, *seltemp;
1487 char *udpbuf = NULL;
1488 krb5_boolean done = FALSE;
1490 *reply = empty_data();
1492 /* One for use here, listing all our fds in use, and one for
1493 * temporary use in service_fds, for the fds of interest. */
1494 sel_state = malloc(2 * sizeof(*sel_state));
1495 if (sel_state == NULL) {
1499 seltemp = &sel_state[1];
1500 cm_init_selstate(sel_state);
1502 /* First pass: resolve server hosts, communicate with resulting addresses
1503 * of the preferred transport, and wait 1s for an answer from each. */
1504 for (s = 0; s < servers->nservers && !done; s++) {
1505 /* Find the current tail pointer. */
1506 for (tailptr = &conns; *tailptr != NULL; tailptr = &(*tailptr)->next);
1507 retval = resolve_server(context, realm, servers, s, strategy, message,
1511 for (state = *tailptr; state != NULL && !done; state = state->next) {
1512 /* Contact each new connection, deferring those which use the
1513 * non-preferred RFC 4120 transport. */
1516 if (maybe_send(context, state, message, sel_state, realm,
1519 done = service_fds(context, sel_state, 1000, conns, seltemp,
1520 realm, msg_handler, msg_handler_data, &winner);
1524 /* Complete the first pass by contacting servers of the non-preferred RFC
1525 * 4120 transport (if given), waiting 1s for an answer from each. */
1526 for (state = conns; state != NULL && !done; state = state->next) {
1529 if (maybe_send(context, state, message, sel_state, realm,
1532 done = service_fds(context, sel_state, 1000, conns, seltemp,
1533 realm, msg_handler, msg_handler_data, &winner);
1536 /* Wait for two seconds at the end of the first pass. */
1538 done = service_fds(context, sel_state, 2000, conns, seltemp,
1539 realm, msg_handler, msg_handler_data, &winner);
1542 /* Make remaining passes over all of the connections. */
1544 for (pass = 1; pass < MAX_PASS && !done; pass++) {
1545 for (state = conns; state != NULL && !done; state = state->next) {
1546 if (maybe_send(context, state, message, sel_state, realm,
1549 done = service_fds(context, sel_state, 1000, conns, seltemp,
1550 realm, msg_handler, msg_handler_data, &winner);
1551 if (sel_state->nfds == 0)
1554 /* Wait for the delay backoff at the end of this pass. */
1556 done = service_fds(context, sel_state, delay, conns, seltemp,
1557 realm, msg_handler, msg_handler_data, &winner);
1559 if (sel_state->nfds == 0)
1564 if (sel_state->nfds == 0 || !done || winner == NULL) {
1565 retval = KRB5_KDC_UNREACH;
1569 *reply = make_data(winner->in.buf, winner->in.pos);
1571 winner->in.buf = NULL;
1572 if (server_used != NULL)
1573 *server_used = winner->server_index;
1574 if (remoteaddr != NULL && remoteaddrlen != 0 && *remoteaddrlen > 0)
1575 (void)getpeername(winner->fd, remoteaddr, remoteaddrlen);
1576 TRACE_SENDTO_KDC_RESPONSE(context, reply->length, &winner->addr);
1579 for (state = conns; state != NULL; state = next) {
1581 if (state->fd != INVALID_SOCKET) {
1582 if (socktype_for_transport(state->addr.transport) == SOCK_STREAM)
1583 TRACE_SENDTO_KDC_TCP_DISCONNECT(context, &state->addr);
1584 closesocket(state->fd);
1585 free_http_tls_data(context, state);
1587 if (state->in.buf != udpbuf)
1588 free(state->in.buf);
1589 if (callback_info) {
1590 callback_info->pfn_cleanup(callback_info->data,
1591 &state->callback_buffer);
1596 if (reply->data != udpbuf)